[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[THREDDS #ZXF-199451]: some questions



Hi Martijn,
 
> A) I'm trying to set up TDS Remote Management, as per
> http://www.unidata.ucar.edu/projects/THREDDS/tech/reference/RemoteManagement.html
> 
> But can't get it to work.

Have you had any success since your email getting this working?

> Questions:
> 
> 1. In tomcat-users.xml, I have to add 2 users, admin and yername, where I 
> assume yername can be anything, right?

It is the role names that really matter. You can use whatever user names you 
want but those users need to have the correct roles for the tasks they need to 
do. For instance, to use the Tomcat manager app a user needs the "manager" role 
and to access the TDS admin page a user needs the "tdsConfig" role. 
 
> 2. Do these users refer to linux users? Should the passwords provided here be 
> the same than?

No these are completely separate from any linux users on the machine. These 
users are only relevant to webapps being run on a particular Tomcat instance.

> 3. Does that mean that I have to make 2 .keypass documents, one for admin and 
> 1 for yername?

No. The certificate stored in the keystore is for the Tomcat server not a 
particular user. The user mentioned in the documentation is the linux (or 
whatever OS) user under which Tomcat is being run
 
> 4. But how to relate that to only 1 entry in server.xml <Connector 
> port="8443" ...> which refers to the keypass?
> 
> Running without SSL would be an option (to start with) because weâre on a 
> test server on an intranet.
> 
> 5. If I change CONFIDENTIAL to NONE, does that mean I don't have to do the 
> above steps?

That is correct. The "Running Without SSL" section of the "Remote Management" 
document you mention above describes how to allow access to the TDS admin page 
without going through SSL. Which means you don't need to create a certificate 
and store it in a keystore.
> 
> 6. Would I still use port 8443 then, or 8080?

You can use 8080 in either case. If it has to go through SSL, the request will 
be redirected 8443. If SSL is disabled, it will go through without redirect.

> 7. When I go to http://julius.npolar.no:8443/thredds/admin/debug, I get
> 
> [cid:address@hidden
> 
> Not exactly what I expected, or...?!

The authentication pop-up is normal behavior for access to the TDS admin page. 
You should get to the admin page if you authenticate as any Tomcat user (those 
in tomcat-users.xml) that has the "tdsConfig" role.

> 7. When I go to http://julius.npolar.no:8080/thredds/admin/debug, I get
> 
> [cid:address@hidden

Hmm. Not sure about this one. You should get back an HTML page. Here it looks 
like you are getting an application/octet-stream back and so your browser is 
suggesting you save it to disk.

Have you changed CONFIDENTIAL to NONE at this point?

> No matter what I fill in, this popup comes back. What am I supposed to
> fill in? The password of the linux user, or the one specified in
> tomcat-users.xml, or the one specified in the .keypass?

The one in tomcat-users.xml.

> B) Iâm also trying to locate where to put data. If in the browser
> I go to http://julius.npolar.no:8080/thredds/catalog.html and
> 
> http://julius.npolar.no:8080/thredds/catalog/testAll/catalog.html
> I get 4 
> .nc<http://julius.npolar.no:8080/thredds/catalog/testAll/catalog.html%20I%20get%204%20.nc>
> files from 
> /opt/tomcat/apache-tomcat-6.0.24/webapps/thredds/WEB-INF/altContent/startup/public/testdata.
> But if I add another __mb__eta_211.nc file there, matching the filter
> specified in catalog.xml, and restart tomcat, it doesnât show up in
> the webinterace. How come?

The actual location of that data is in content/thredds/public/testdata. [If the 
content/thredds directory doesn't exist at the time the TDS is started, it is 
created and the altContent/startup directory is copied over.] So, you could 
place data in content/thredds/public/testdata and it would show up. However, we 
don't recommend that as a place to put much data. That data is there mainly as 
an example. Generally, data should be in a directory outside of your 
${TOMCAT_HOME} directory.
 
> It is confusing to me, because location is referred to as
> âlocation/testdataâ, but I only have a altContent directory
> containing catalog.xml and the demo .nc files. Is that supposed
> to be the same?

No. The "content" in "content/testdata" is mapped to 
${TOMCAT_HOME}/content/public only so that a new installation will have some 
example data to serve before any configuration has been done.

For any kind of production server, all "location" attributes should have 
absolute paths that point to locations outside of the ${TOMCAT_HOME} directory.

Hope this helps.

Ethan

Ticket Details
===================
Ticket ID: ZXF-199451
Department: Support THREDDS
Priority: Critical
Status: Closed


NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.